Giving all jupyterhub 2.0 users access to a resource

TL;DR: How to give all users access to a jupyerhub resource on jhub 2.0?

I’m experimenting with RBAC and RTC on Jupyterhub 2.0, largely inspired by ideas brought up in

My immediate plan, while waiting for server-level access control, is to create a single user shared, so that all other users would be able to access the shared user server. I figured that I need to do something like:

c.JupyterHub.load_roles = [
    {
     	"name": "shared_access",
        "description": "Allow users to access the shared server",
        "scopes": ["access:servers!user=shared"],
        "roles": ["user"],
    }
]

However I can’t figure out how to ensure that this role is applied to all users on the server. I’ve checked
https://jupyterhub.readthedocs.io/en/stable/rbac/roles.html
but couldn’t figure it out.

So you want one server that all users can access? Can I ask why you want to do this? It may cause issues with people overwriting each other’s notebooks. Some alternatives to this is mounting a shared EFS either read-only or read/write or you can use binderhub.

Please see the post I shared about RTC in jupyterhub. Thanks to collaborative editing available in jupyterlab, I expect this will work just fine in my environment.

1 Like

Interesting! This was not on my radar.

1 Like

I went with

c.JupyterHub.load_roles = [
    {
        "name": "user",
        "description": "Allow users to access the shared server in addition to default perms",
        "scopes": ["self", "access:servers!user=shared"],
    }
]

where shared is a user reserved for shared access.

Just chiming in here that specifying the user role in load_roles is absolutely the intended way to change what all JupyterHub users are allowed to do. Additional roles can be assigned to specific users, and I suppose we could support a ‘default roles’ list configuration to make it easier to group collections of permissions that are all enabled by default, but this is the right approach for the moment.

1 Like